Survey Roundup: Executives on Analytics, Internal Audit

A look at some recent surveys and reports dealing with risk and compliance issues. Send surveys and reports to wsjrisk@wsj.com.

A survey of business executives found 26% say they are using data analytics tools and processes to help manage third-party relationship risks. The survey from Deloitte, which sponsors the Risk & Compliance Journal page, found 13% of those surveyed are still learning how to use analytics software and 22% use no data analytics at all. The survey found 31% of respondents said their organization has faced supply chain fraud, waste or abuse in the past 12 months.

While many organizations say they have improved their internal audit capabilities, a survey from PwC finds the progress hasn’t been enough to keep pace with the increasingly risky and complex business landscape. The survey of more than 1,900 chief audit executives, internal audit managers, members of senior management and board members found 55% of senior management reported that they do not believe internal audit adds significant value to their organization, and nearly 30 percent of board members believe it adds less than significant value.

At least 20%, or more than 1,400 banks in the U.S., have inadequate capital levels and poor earnings potential and are candidates to be sold, according to a report by Invictus Consulting Group LLC. The state-by-state study of the nation’s more than 6,700 community banks incorporates the results of capital stress tests of virtually every U.S. bank with assets below $10 billion, identifies and ranks acquisition targets, and calculates the M&A option for each bank to improve shareholder value.

A report from the Government Accountability Office found U.S. government agencies are having a difficult time with cybersecurity, both in securing systems and in responding to breaches. Cybersecurity weaknesses put federal systems and the information they contain, including personally identifiable information, at increased risk, and raise the question of whether the government is able to adequately protect the personal information it collects, such as taxpayer data, Social Security information and patient health data.

Compliance monitoring firm PerformLine found 46% of the web pages that captured contact information failed to meet one or more of the rules from the Telephone Consumer Protection Act. The survey found 54% of the pages checked passed the firm’s TCPA rule checks for valid disclaimer language and having an option for express written consent, while 30% of the pages failed because either the disclaimer was missing or incorrect, or there was no option for express written consent.

A survey by the Institute of Internal Auditors found 42% of chief audit executives in North America held positions outside of internal audit immediately prior to taking their present jobs. The survey found 46% of the nearly 370 chief audit executives who responded rated strategic business risk as the top priority for executive management, while 28% said they consider it the top priority for audit committees.

Banks with a separate board-level risk committee report a higher median return on assets and return on equity compared to banks that govern risk within a combined audit/risk committee or within the audit committee, according to the Risk Practices Survey from Bank Director and banking and payments technology company FIS. The survey found smaller banks are adopting risk practices required only of much larger companies, and that almost all banks with more than $1 billion in assets now have a chief risk officer and 63% govern risk within a separate risk committee of the board.

The majority of financial institutions in the Americas have implemented an integrated approach to enterprise risk management assessments, yet in the Europe, Middle East and Africa, and Asia-Pacific regions, assessments are mostly confined, with each business unit independently managing its own risk assessment, says a report from governance, risk and compliance firm MetricStream. While most say that they have the ability to adapt to regulatory changes, the report found only a handful of financial institutions have implemented a Basel III-compliant ERM program.

A paper by Sapient Global Markets focuses on how the 2008 financial crisis has prompted scrutiny of business models, policies and processes and how this will affect the future of the financial services industry. The report says in many ways we are equally as blind today to the long-term consequences of our efforts to re-order as regulators and industry captains were at the time of the stock market crash in 1929.

A paper by transaction authentication firm Entersekt looks at how banks can successfully prevent financial losses from account takeover and cyberattacks by implementing new transaction signing standards. The paper examines technology’s impact on fraud and security within the financial industry, the impact of existing international standards on U.S. institutions and best practices for complying with new regulations to strengthen account security.

A report on distributed denial-of-service attacks by website security firm Incapsula found more than 25% of all botnets used for DDoS attacks were located in India, China and Iran. The report also found the U.S. is ranked fifth on the list of Top 10 attacking countries, that 29% of botnets attack more than 50 targets a month, and that 46% of all bots used in these attacks were disguised to appear to systems administrators as if they were webcrawlers from the Baidu search engine, while 11.7% posed as Google bots.

Under the ASU, inventory is “measured at the lower of cost and net realizable value,” which eliminates the need to determine replacement cost and evaluate whether it is above the ceiling net realizable value or below the floor. The FASB did not amend other guidance on measuring inventory, such as the LIFO, FIFO and average cost method. In addition to reducing complexity, the proposal would make U.S. GAAP more comparable to IFRS.

Risk & Compliance Bureau

About Risk & Compliance

Risk & Compliance provides news and commentary to corporate executives and others who need to understand, monitor and control the many risks that can tarnish brands, distract management and harm investors. Its content spans governance, risk and compliance and includes analysis of the significance of laws and regulations, the risks inherent in global expansion and the protective moves taken by companies.